oh-ci

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes project-defined build and test scripts such as pnpm typecheck, pnpm test, pnpm lint, cargo check, cargo test, and cargo clippy.
  • Evidence: Step 6 in SKILL.md explicitly instructs the agent to run these commands and adapt them based on project files like package.json or Makefile.
  • Risk: If a Pull Request contains a malicious package.json or test suite, the agent will execute those commands with its current permissions.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external Pull Requests.
  • Ingestion points: The skill reads CI logs via gh api, PR branch code via git fetch, and project context from .wm/dive_context.md.
  • Boundary markers: No explicit delimiters or instructions are used to separate untrusted data from the agent's core instructions.
  • Capability inventory: The agent has the ability to commit and push code (git push), create GitHub issues (gh issue create), and execute arbitrary shell commands via the project's build system.
  • Sanitization: No sanitization or validation of the ingested CI logs or source code is performed before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 18, 2026, 05:04 PM
Security Audit — agent-trust-hub — oh-ci